
Log4j vulnerability information for Digital Access

As stated on Nexus DOC, it is highly recommended to upgrade Digital Access to version 6.1.1 or later. If this is not possible, this article describes how to patch the Digital Access images directly.

Internet access is required when fetching the Alpine image used for the tar operation. If your network is air-gapped, please contact Nexus support on how to prepare the Alpine image and how to manually upload it to the environment running the Digital Access images.


Prerequisites


It is recommended to patch all Java-based Digital Access services:

  • Policy service
  • Authentication service
  • Distribution service

If you encounter problems using this patch procedure, please contact Nexus support.

Step-by-step instruction

Download the patch

  1. Download the file Dockerfile-patch-log4j from the Support Download portal.
  2. Place the docker file on the server running the old versions of Nexus images.

Run the docker build command

This is the syntax of the docker build command. Before you run the command, replace REPLACE1 with the name and tag of the service image to patch and REPLACE2 with the full reference of the source image; see the example in step 1 below:

docker build command syntax

CODE
# The final "." is the build context: the directory holding Dockerfile-patch-log4j
docker build \
  --file ./Dockerfile-patch-log4j \
  --tag log4j-patch/REPLACE1 \
  --build-arg SRC_IMAGE=REPLACE2 \
  .

  1. Run the docker build command.

    Example: docker build command

    CODE
    docker build \
      --file ./Dockerfile-patch-log4j \
      --tag log4j-patch/policy-service:6.0.7.73936 \
      --build-arg SRC_IMAGE=nexusimages.azurecr.io/smartid-digitalaccess/policy-service:6.0.7.73936 \
      .
  2. Back up the docker-compose.yml file and then change the image to, for example:
    log4j-patch/policy-service:6.0.7.73936

Restart containers

Restart the containers:

CODE
# In case of docker-swarm
docker stack rm da                      # where da is the deployment stack name
bash /opt/nexus/scripts/start-all.sh    # to start the services

# Other setups
docker-compose down
docker-compose up -d

Rollback

If something goes wrong, revert as follows:

  1. Restore the original image in the docker-compose.yml file and restart the containers.

Clean-up

  1. Remove the local image when it is no longer needed. The container must first be stopped and then removed:

    CODE
    docker image rm [IMAGE ID]
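
The build, docker-compose.yml and rollback steps above, scripted as an added example; it is not part of the Nexus patch package. The function names, the .bak backup file and the sed-based edit are assumptions made for illustration, and the script expects the image to be written unquoted on its own image: line.

```shell
#!/bin/sh
# Added example, not Nexus code. Function names and the ".bak" backup
# file name are assumptions made for this illustration.

# "registry/path/name:tag" -> "log4j-patch/name:tag", as in the example above.
patched_tag() {
    printf 'log4j-patch/%s\n' "${1##*/}"
}

# Build the patched image from the source image with the vendor Dockerfile.
build_patched() {
    docker build \
        --file ./Dockerfile-patch-log4j \
        --tag "$(patched_tag "$1")" \
        --build-arg SRC_IMAGE="$1" \
        .
}

# Back up the compose file, then point the service at the patched image.
# Assumes the image is written unquoted on its own "image:" line.
switch_compose_image() {
    compose=$1
    src=$2
    new=$(patched_tag "$src")
    esc=$(printf '%s' "$src" | sed 's/\./\\./g')   # dots are regex metacharacters
    pattern="image:[[:space:]]*${esc}[[:space:]]*\$"
    if ! grep -q "$pattern" "$compose"; then
        echo "no 'image: $src' line in $compose" >&2
        return 1
    fi
    [ -e "$compose.bak" ] || cp -p "$compose" "$compose.bak"   # keep the original
    tmp=$(mktemp) || return 1
    sed "s|$pattern|image: $new|" "$compose" > "$tmp" && cat "$tmp" > "$compose"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Rollback: restore the compose file saved before the first switch.
rollback_compose() {
    cp -p "$1.bak" "$1"
}

# Usage: sh patch-image.sh <compose-file> <source-image>
if [ "$#" -eq 2 ]; then
    build_patched "$2" && switch_compose_image "$1" "$2"
fi
```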

